From 2b13f299bda4e17e609cbecbc56708db0e066342 Mon Sep 17 00:00:00 2001
From: Erik Burton
Date: Wed, 20 May 2026 13:11:45 +0100
Subject: [PATCH 1/2] feat(ci): apidiff reusable workflow, enforce compatible
---
 .github/workflows/api-diff.yml | 66 ++++++----------------------------
 1 file changed, 10 insertions(+), 56 deletions(-)
diff --git a/.github/workflows/api-diff.yml b/.github/workflows/api-diff.yml
index 2821697f81..4b32454835 100644
--- a/.github/workflows/api-diff.yml
+++ b/.github/workflows/api-diff.yml
@@ -7,59 +7,13 @@ on:
 pull_request:
 
 jobs:
- changed-modules:
- name: Determine Changed Modules
- runs-on: ubuntu-latest
- permissions:
- contents: read
- pull-requests: read
- outputs:
- modules-json: ${{ steps.changed-modules.outputs.modules-json }}
- steps:
- - name: Checkout repository
- uses: actions/checkout@v5
- with:
- fetch-depth: 0
-
- - name: Changed modules
- id: changed-modules
- uses: smartcontractkit/.github/actions/changed-modules-go@changed-modules-go/v1
- with:
- file-patterns: |
- **/*.go
- **/go.mod
- **/go.sum
- module-patterns: |
- **
-
- analyze-api-changes:
- if: ${{ needs.changed-modules.outputs.modules-json != '[]' }}
- name: Analyze (${{ matrix.module }})
- runs-on: ubuntu-latest
- needs: changed-modules
- permissions:
- pull-requests: write
- contents: read
- strategy:
- fail-fast: false
- matrix:
- module: ${{ fromJson(needs.changed-modules.outputs.modules-json) }}
- steps:
- - name: Checkout the repository
- uses: actions/checkout@v5
- with:
- fetch-depth: 0
-
- - name: Set up Go
- uses: actions/setup-go@v5
- with:
- go-version-file: ${{ matrix.module }}/go.mod
- cache: false
-
- - uses: smartcontractkit/.github/actions/apidiff-go@apidiff-go/v2
- env:
- GITHUB_TOKEN: ${{ github.token }}
- with:
- module-directory: ${{ matrix.module }}
- enforce-compatible: false
- post-comment: true
+ api-diff:
+ uses: smartcontractkit/.github/.github/workflows/reusable-apidiff-go-analysis.yml@reusable-apidiff-go-analysis/v1
+ with:
+ file-patterns: |
+ **/*.go
+ **/go.mod
+ **/go.sum
+ module-patterns: |
+ **
+ enforce-compatible: ${{ !contains(github.event.pull_request.labels.*.name, 'allow-incompatible') }}
From 450576b4eaacb2cfc3b05c206221817a6f268be5 Mon Sep 17 00:00:00 2001
From: Erik Burton
Date: Wed, 20 May 2026 13:15:49 +0100
Subject: [PATCH 2/2] fix: limit gh token permissions
---
 .github/workflows/api-diff.yml | 4 ++++
 1 file changed, 4 insertions(+)
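Review bot: The label check on the added `enforce-compatible` line only sees the labels carried in the event payload of that run, and the `pull_request:` trigger in the context lines declares no `types:`, so adding or removing `allow-incompatible` after a run does not start a new one. A manual re-run is likely to reuse the original payload and still miss the label; `types: [opened, synchronize, reopened, labeled, unlabeled]` under `pull_request:` would make the gate follow the label. On any other trigger this workflow has (the lines above `pull_request:` are outside the hunk) `github.event.pull_request` is empty, so the expression evaluates to `true`; whether enforcing there is intended depends on the called workflow, which is not shown. A comment above the line such as `# 'allow-incompatible' label is the only bypass; anyone who can label PRs can turn enforcement off` would record who holds that authority.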
diff --git a/.github/workflows/api-diff.yml b/.github/workflows/api-diff.yml
index 4b32454835..342a6de22d 100644
--- a/.github/workflows/api-diff.yml
+++ b/.github/workflows/api-diff.yml
@@ -6,6 +6,10 @@ on:
 - main
 pull_request:
 
+permissions:
+ contents: read
+ pull-requests: write
+
 jobs:
 api-diff:
 uses: smartcontractkit/.github/.github/workflows/reusable-apidiff-go-analysis.yml@reusable-apidiff-go-analysis/v1
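Review bot: `pull-requests: write` is granted at workflow level, so any job later added to this file inherits it; moving the added `permissions:` block under the `api-diff` job keeps the grant scoped to the one caller that needs it. That token is handed to whatever `reusable-apidiff-go-analysis/v1` resolves to at run time, because the `uses:` ref in the last context line is a tag. Pinning it as `...reusable-apidiff-go-analysis.yml@<full-commit-sha> # reusable-apidiff-go-analysis/v1` would tie the write grant to reviewed code. For pull requests from forks the token is normally read-only whatever this block says, so the called workflow presumably has to tolerate a failed comment post; that is not visible from here.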